diff --git a/tests/acl/templates/acltb_test_rules_part_1.j2 b/tests/acl/templates/acltb_test_rules_part_1.j2
index 4583a14977c..f7c1483f9a5 100644
--- a/tests/acl/templates/acltb_test_rules_part_1.j2
+++ b/tests/acl/templates/acltb_test_rules_part_1.j2
@@ -125,6 +125,21 @@
 "destination-port": "179"
 }
 }
+ },
+ "29": {
+ "actions": {
+ "config": {
+ "forwarding-action": "ACCEPT"
+ }
+ },
+ "config": {
+ "sequence-id": 29
+ },
+ "ip": {
+ "config": {
+ "destination-ip-address": "{{ loopback_ip }}/32"
+ }
+ }
 }
 }
 }
diff --git a/tests/acl/templates/acltb_test_rules_part_2.j2 b/tests/acl/templates/acltb_test_rules_part_2.j2
index 0119fc83bb8..faa0b39c3a0 100644
--- a/tests/acl/templates/acltb_test_rules_part_2.j2
+++ b/tests/acl/templates/acltb_test_rules_part_2.j2
@@ -510,6 +510,21 @@
 "destination-ip-address": "192.168.0.122/32"
 }
 }
+ },
+ "34": {
+ "actions": {
+ "config": {
+ "forwarding-action": "ACCEPT"
+ }
+ },
+ "config": {
+ "sequence-id": 34
+ },
+ "ip": {
+ "config": {
+ "destination-ip-address": "{{ loopback_ip }}/32"
+ }
+ }
 }
 }
 }
diff --git a/tests/acl/templates/acltb_test_rules_permit_loopback.j2 b/tests/acl/templates/acltb_test_rules_permit_loopback.j2
new file mode 100644
index 00000000000..faa0b39c3a0
--- /dev/null
+++ b/tests/acl/templates/acltb_test_rules_permit_loopback.j2
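Review bot: The loopback permit added to `acltb_test_rules_part_1.j2` is keyed `"29"`, but in the part 2 template it is `"34"` and `"29"` there is the ICMP type 3 / code 1 rule (visible in the new full template, which carries the same blob id as part 2), so rule 29 changes meaning between the two incremental stages and anything read by rule number becomes ambiguous. The entry matches on `destination-ip-address` alone, so it accepts every protocol and port towards the loopback; if the test only needs one kind of traffic to reach that address, adding a `protocol` match under `ip.config` would keep the permit narrow. Neither hunk records why the permit is needed; a Jinja comment above the entry, for example `{# accept traffic to the selected ToR loopback; loopback_ip is set in setup() of test_acl.py #}`, would document it without affecting the rendered JSON. The same points apply to entry `"34"` in the second hunk.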
@@ -0,0 +1,535 @@ +{ + "acl": { + "acl-sets": { + "acl-set": { + "{{ acl_table_name }}": { + "acl-entries": { + "acl-entry": { + "1": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 1 + }, + "ip": { + "config": { + "source-ip-address": "20.0.0.2/32" + } + } + }, + "2": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 2 + }, + "ip": { + "config": { + "destination-ip-address": "192.168.0.252/32" + } + } + }, + "3": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 3 + }, + "ip": { + "config": { + "destination-ip-address": "193.191.32.1/32" + } + } + }, + "4": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 4 + }, + "transport": { + "config": { + "source-port": "4621" + } + } + }, + "5": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 5 + }, + "ip": { + "config": { + "protocol": 126 + } + } + }, + "6": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 6 + }, + "transport": { + "config": { + "tcp-flags": ["TCP_ACK", "TCP_PSH", "TCP_FIN", "TCP_SYN"] + } + } + }, + "7": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 7 + }, + "ip": { + "config": { + "source-ip-address": "20.0.0.3/32" + } + } + }, + "8": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 8 + }, + "ip": { + "config": { + "source-ip-address": "20.0.0.3/32" + } + } + }, + "9": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 9 + }, + "transport": { + "config": { + "destination-port": "4631" + } + } + }, + "10": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 10 + }, + 
"transport": { + "config": { + "source-port": "4656..4671" + } + } + }, + "11": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 11 + }, + "transport": { + "config": { + "destination-port": "4640..4687" + } + } + }, + "12": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 12 + }, + "ip": { + "config": { + "protocol":1, + "source-ip-address": "20.0.0.4/32" + } + } + }, + "13": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 13 + }, + "ip": { + "config": { + "protocol":17, + "source-ip-address": "20.0.0.4/32" + } + } + }, + "14": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 14 + }, + "ip": { + "config": { + "source-ip-address": "20.0.0.6/32" + } + } + }, + "15": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 15 + }, + "ip": { + "config": { + "destination-ip-address": "192.168.0.251/32" + } + } + }, + "16": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 16 + }, + "ip": { + "config": { + "destination-ip-address": "193.221.112.1/32" + } + } + }, + "17": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 17 + }, + "transport": { + "config": { + "source-port": "4721" + } + } + }, + "18": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 18 + }, + "ip": { + "config": { + "protocol": 127 + } + } + }, + "19": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 19 + }, + "transport": { + "config": { + "tcp-flags": ["TCP_RST", "TCP_URG"] + } + } + }, + "20": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 20 + }, + "ip": { + "config": { + 
"source-ip-address": "20.0.0.7/32" + } + } + }, + "21": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 21 + }, + "ip": { + "config": { + "source-ip-address": "20.0.0.7/32" + } + } + }, + "22": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 22 + }, + "transport": { + "config": { + "destination-port": "4731" + } + } + }, + "23": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 23 + }, + "transport": { + "config": { + "source-port": "4756..4771" + } + } + }, + "24": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 24 + }, + "transport": { + "config": { + "destination-port": "4740..4787" + } + } + }, + "25": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 25 + }, + "ip": { + "config": { + "protocol":1, + "source-ip-address": "20.0.0.8/32" + } + } + }, + "26": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 26 + }, + "ip": { + "config": { + "protocol":17, + "source-ip-address": "20.0.0.8/32" + } + } + }, + "27": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 27 + }, + "transport": { + "config": { + "source-port": "179" + } + } + }, + "28": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 28 + }, + "transport": { + "config": { + "destination-port": "179" + } + } + }, + "29": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 29 + }, + "ip": { + "config": { + "protocol": 1, + "source-ip-address": "20.0.0.10/32" + } + }, + "icmp": { + "config": { + "type": 3, + "code": 1 + } + } + }, + "30": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 30 + }, + 
"ip": { + "config": { + "destination-ip-address": "192.168.1.66/32" + } + } + }, + "31": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 31 + }, + "ip": { + "config": { + "destination-ip-address": "192.168.1.67/32" + } + } + }, + "32": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 32 + }, + "ip": { + "config": { + "destination-ip-address": "192.168.0.121/32" + } + } + }, + "33": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 33 + }, + "ip": { + "config": { + "destination-ip-address": "192.168.0.122/32" + } + } + }, + "34": { + "actions": { + "config": { + "forwarding-action": "ACCEPT" + } + }, + "config": { + "sequence-id": 34 + }, + "ip": { + "config": { + "destination-ip-address": "{{ loopback_ip }}/32" + } + } + } + } + } + } + } + } + } +} diff --git a/tests/acl/test_acl.py b/tests/acl/test_acl.py index ce87c68f687..d881bd3ed49 100644 --- a/tests/acl/test_acl.py +++ b/tests/acl/test_acl.py @@ -25,6 +25,7 @@ from tests.common.fixtures.conn_graph_facts import conn_graph_facts # noqa F401 from tests.common.platform.processes_utils import wait_critical_processes from tests.common.platform.interface_utils import check_all_interface_information +from tests.qos.tunnel_qos_remap_base import get_iface_ip logger = logging.getLogger(__name__) @@ -46,7 +47,7 @@ # TODO: We really shouldn't have two separate templates for v4 and v6, need to combine them somehow ACL_RULES_FULL_TEMPLATE = { - "ipv4": "acltb_test_rules.j2", + "ipv4": "acltb_test_rules_permit_loopback.j2", "ipv6": "acltb_v6_test_rules.j2" } ACL_RULES_PART_TEMPLATES = { 
@@ -357,14 +358,18 @@ def setup(duthosts, ptfhost, rand_selected_dut, rand_unselected_dut, tbinfo, ptf # source or destination port if 'dualtor' in tbinfo['topo']['name'] and rand_unselected_dut is not None: peer_mg_facts = rand_unselected_dut.get_extended_minigraph_facts(tbinfo) + lo_dev = "Loopback2" for interface, neighbor in list(peer_mg_facts['minigraph_neighbors'].items()): if (topo == "t1" and "T2" in neighbor["name"]) or (topo == "t0" and "T1" in neighbor["name"]): port_id = peer_mg_facts["minigraph_ptf_indices"][interface] upstream_port_ids.append(port_id) upstream_port_id_to_router_mac_map[port_id] = rand_unselected_dut.facts["router_mac"] + else: + lo_dev = "Loopback0" # Get the list of LAGs port_channels = mg_facts["minigraph_portchannels"] + selected_tor_loopback_ip = get_iface_ip(mg_facts, lo_dev) # TODO: We should make this more robust (i.e. bind all active front-panel ports) acl_table_ports = defaultdict(list) @@ -404,7 +409,8 @@ def setup(duthosts, ptfhost, rand_selected_dut, rand_unselected_dut, tbinfo, ptf "acl_table_ports": acl_table_ports, "vlan_ports": vlan_ports, "topo": topo, - "vlan_mac": vlan_mac + "vlan_mac": vlan_mac, + "loopback_ip": selected_tor_loopback_ip } logger.info("Gathered variables for ACL test:\n{}".format(pprint.pformat(setup_information))) @@ -565,7 +571,8 @@ def acl_table(duthosts, rand_one_dut_hostname, setup, stage, ip_version, tbinfo, "table_name": table_name, "table_ports": ",".join(setup["acl_table_ports"]['']), "table_stage": stage, - "table_type": "L3" if ip_version == "ipv4" else "L3V6" + "table_type": "L3" if ip_version == "ipv4" else "L3V6", + "loopback_ip": setup["loopback_ip"] } logger.info("Generated ACL table configuration:\n{}".format(pprint.pformat(acl_table_config))) 
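Review bot: The result of `get_iface_ip(mg_facts, lo_dev)` is stored in `setup_information["loopback_ip"]` unchecked and later rendered as `"{{ loopback_ip }}/32"` in the rule templates. The helper's body is not part of this diff; if it can return `None` or an empty string when the interface has no IPv4 address, the rule is rendered with an invalid prefix and the failure only surfaces when the ACL is loaded, far from its cause. A guard directly after the call, `assert selected_tor_loopback_ip, "no IPv4 address on {}".format(lo_dev)`, would fail the fixture early with a clear message. The interface names `"Loopback2"` and `"Loopback0"` are chosen without explanation, so a comment at `lo_dev = "Loopback2"` stating why dualtor uses a different loopback from the other topologies is worth adding. `setup` begins before this hunk and continues after it.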
@@ -1214,7 +1221,9 @@ def setup_rules(self, dut, acl_table, ip_version): """ table_name = acl_table["table_name"] + loopback_ip = acl_table["loopback_ip"] dut.host.options["variable_manager"].extra_vars.update({"acl_table_name": table_name}) + dut.host.options["variable_manager"].extra_vars.update({"loopback_ip": loopback_ip}) logger.info("Generating basic ACL rules config for ACL table \"{}\" on {}".format(table_name, dut)) @@ -1242,7 +1251,9 @@ def setup_rules(self, dut, acl_table, ip_version): """ table_name = acl_table["table_name"] + loopback_ip = acl_table["loopback_ip"] dut.host.options["variable_manager"].extra_vars.update({"acl_table_name": table_name}) + dut.host.options["variable_manager"].extra_vars.update({"loopback_ip": loopback_ip}) logger.info("Generating incremental ACL rules config for ACL table \"{}\"" .format(table_name)) diff --git a/tests/common/plugins/conditional_mark/tests_mark_conditions.yaml b/tests/common/plugins/conditional_mark/tests_mark_conditions.yaml index 1a4ff6643d6..48147913f3f 100644 --- a/tests/common/plugins/conditional_mark/tests_mark_conditions.yaml +++ b/tests/common/plugins/conditional_mark/tests_mark_conditions.yaml @@ -18,12 +18,6 @@ acl/null_route/test_null_route_helper.py: conditions: - "'dualtor' in topo_name" -acl/test_acl.py: - xfail: - reason: "ACL test is not supported on mellanox platform with dualtor topology " - conditions: - - "asic_type in ['mellanox'] and 'dualtor' in topo_name" - acl/test_acl_outer_vlan.py: #Outer VLAN id match support is planned for future release with SONIC on Cisco 8000 #For the current release, will mark the related test cases as XFAIL
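Review bot: Each `setup_rules` now makes two consecutive `extra_vars.update(...)` calls with one key each; a single call, `dut.host.options["variable_manager"].extra_vars.update({"acl_table_name": table_name, "loopback_ip": loopback_ip})`, keeps the template variables together and makes it harder to set one without the other. `loopback_ip` reaches this method through the `acl_table` dict although it is not a property of the table, and `acl_table["loopback_ip"]` raises `KeyError` for any caller that builds the dict without it. The docstring, which begins outside the hunk, should therefore state that `acl_table` must carry `loopback_ip`. The same two lines are repeated in the second `setup_rules` hunk (`@@ -1242,7 +1251,9`).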